Massive SQL injection attack compromises 380,000 URLs
A massive SQL injection attack campaign has been spotted by Websense researchers, and the number of unique URLs affected by it has risen from 28,000 when first detected …
Cybercriminals and their favorite baits
According to PandaLabs research, 25 percent of sites used video and multimedia content as bait; 21.63 percent referred to installers or program updates; 16.53 percent claimed …
Qualys partners with StopBadware
Qualys is partnering with the non-profit anti-malware organization StopBadware. The two organizations will leverage one another’s strengths to bolster the Web’s …
New ransomware variant in the wild
A new variant of a piece of ransomware seen in the wild late last year has begun targeting users that made the mistake of landing on the site that serves it via drive by …
Spotify has been displaying malicious ads
Streaming music service Spotify has been displaying malicious ads to users of their Free version. The ads lead to websites that used the Blackhole Exploit Kit to infect users …
Randomization of code and binaries for evading AV solutions
An interesting detection evasion technique by a site that serves fake AV has recently been spotted by a Zscaler researcher. The site’s source code has been randomized so …
Japan leakage analysis emails with malicious XLS attachments
Japan’s seemingly unending series of misfortunes has so far generated a vast variety of online scams. The latest one includes spam emails containing Excel attachments …
Play.com customers receiving malicious emails, Silverpop blamed
The notification and the warning that Play.com sent out to its customers following a breach of systems belonging to the company that handles part of its marketing …
63% of schools plagued by two IT security breaches a year
With 63 percent of schools experiencing malware outbreaks or unauthorized user access at least twice a year, the results of a Panda Security survey indicate that IT security …
Malicious app found in Android Market
To infect a mobile device, the Rootcager/DroidDream Trojan used two known exploits: exploid and rageagainstthecage. If the first one failed to root the device, the malware …
34 SCADA vulnerabilities revealed
It is safe to say that the existence of SCADA (supervisory control and data acquisition) systems was a fact unknown to many before the advent of the Stuxnet worm, and not many …
Japanese tsunami videos lead to malware
A new Japanese disaster themed campaign is doing the rounds of inboxes. The e-mails supposedly offer links to videos about “The village that escaped the tsunami”, …